System, computer program product and method of correlating safety solutions with business climate

ABSTRACT

A system, computer program product and method of correlating safety solutions implemented in a facility with the facility&#39;s business climate are provided. The system, computer program product and method are used for designing safety solutions for a facility. While doing so, a user such as a security consultant, may derive a plurality of variables from the safety solutions. The variables are used to calculate a business climate index and a safety level from which a value for a safety/climate coefficient may be calculated. The value of the coefficient indicates whether the threat level is greater than the security level, or whether the security solutions are adequate or too intrusive.

BACKGROUND OF THE INVENTION

1. Technical Field

The present invention is directed generally to impacts of securitymeasures on business climates. More specifically, the present inventionis directed to a system, apparatus and method of correlating safetysolutions with business climate.

2. Description of Related Art

Security consultants often focus on security/safety ramifications whenimplementing technology-centric solutions for a client. For example, ifthere has been one or more shootings in a bank or robberies of the bank,a security consultant may advise bank personnel to install metaldetectors at all entry points to the bank to ensure that no one is ableto enter the bank armed. This security measure may lead to a decrease oran outright elimination of shootings in the bank and/or robberies of thebank. However, depending on the number of customers who conduct businessat the bank, this safety measure may impinge on the business climate ofthe bank.

For instance, if each time a customer goes to the bank, the customerspends between a half hour to an hour in line due to the installation ofthe metal detectors, the customer may decide to conduct his/her bankingbusiness elsewhere. In this particular case, although the customer mayperceive the bank as being safer now than before, the customer maynonetheless decide that the extra time spent in line is not worth theextra sense of security. This is an adverse impact on the businessclimate of the bank. Obviously, the more customers that decide toconduct their banking businesses elsewhere due to the time spent inline, the more of an impact that safety measure may have on the businessclimate of the bank.

Thus, when designing a security solution for a client, a securityconsultant should take into account two arguably competing interests:(1) increase safety level as perceived by customers of the client and(2) minimize the impact of the increased safety mechanisms on thecustomers.

One method that may be used to ensure that before a safety measure isimplemented the impact it will have on the business climate of theclient will have been taken into consideration is to correlate the twocompeting interests to each other. Presently, no such system or methodto calculate such a correlation exists.

What is needed, therefore, is a system, apparatus and method ofcorrelating safety measures (to be implemented by a client) with theimpact of the measures on the business climate of the client.

SUMMARY OF THE INVENTION

The present invention provides a system, computer program product andmethod of correlating safety solutions implemented in a facility withthe facility's business climate. When designing safety solutions for afacility, a user such as a security consultant may derive a plurality ofvariables from the safety solutions. The variables include a securitylevel, a threat level and an intrusion level as perceived by customers,employees and/or the user. Using the security level and the threatlevel, a safety level may be calculated. Likewise, using the securitylevel and the intrusion level, a business climate index may becalculated. The business climate index and the safety level are used tocompute a value for a safety/climate coefficient. Using just the valueof the coefficient the user may determine whether the threat level isgreater than the security level, or the security solutions are adequateor too intrusive.

BRIEF DESCRIPTION OF THE DRAWINGS

The novel features believed characteristic of the invention are setforth in the appended claims. The invention itself, however, as well asa preferred mode of use, further objectives and advantages thereof, willbest be understood by reference to the following detailed description ofan illustrative embodiment when read in conjunction with theaccompanying drawings, wherein:

FIG. 1 depicts a safety level vs. security level minus threat levelgraph.

FIG. 2 depicts a business climate vs. the sum of security level andintrusion level graph.

FIG. 3 depicts a business climate vs. safety level graph.

FIG. 4 illustrates an exemplary table within which values of assessedand calculated variables may be stored.

FIG. 5 is a flowchart of a process that may be used to implement theinvention.

FIG. 6 is an exemplary block diagram illustrating a distributed dataprocessing system in which the present invention may be implemented.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The safety level of a facility, as perceived by an observer, is afunction of the security measures implemented at the facility if any(i.e., its security level) minus any perceived threat to the facility.This can be expressed as: S_(f)L=S_(c)L−TL, where S_(f)L is the safetylevel, S_(c)L is the security level and TL is the threat level.

This is illustrated in FIG. 1 where it is shown that the safety level ata facility is directly proportional to the security level (of thefacility)—minus the threat level (at the facility). For example, ifthere is a high level of security combined with a small amount ofthreat, the safety level is high.

The security level at a facility and the threat level of the facilitycan be gleaned from any, all or a combination of the following: systemreports, observations, audits, surveys, expert opinions and anythingelse that may provide relevant data to arrive at such a conclusion. Toquantify the security level of the facility after the security measuresbeing envisioned have been implemented, a security consultant may haveto determine on a scale of one (1) to five (5), for example, one (1)being the lowest and five (5) the highest, what value to ascribe to thesecurity level of the facility based on the data gleaned above.Likewise, the security consultant may have to determine on a scale ofone (1) to five (5), one being the lowest and five the highest, whatvalue to ascribe to the threat level of the facility after theimplementation of the safety measures based on the data gleaned above.

Further, the security consultant will have to calculate a businessclimate index. The business climate index may be defined as a functionof a constant minus half the sum of the security level and the intrusionlevel of the security measures. In this particular case the constant issix (6). Thus, the equation to be used is: BC=6−(S_(c)L+IL)/2, where BCis the business climate, S_(c)L is the security level and IL is theintrusion level.

The intrusion level is defined, again on a scale of 1 to 5, to representthe amount of intrusion to a customer based on the combined amount ofsecurity systems installed. For example, video surveillance has a verylow intrusion level (people are not affected by a camera in the cornerof a room). Metal detectors, however, may have a high intrusion levelespecially when there is usually a long line for a customer to gothrough (i.e., customers will have to spend time in line each time theyhave to conduct business at that client's place of business). Thus, thehigher the intrusion level, the more likely it is to affect businessclimate.

Again, the security consultant may have to determine on a scale of one(1) to five (5), one being the lowest and five the highest, what valueto assign to the intrusion level of the security measures that are to beused. As can be seen from FIG. 2, the business climate index isinversely proportional to the sum of the security level and intrusionlevel. Note that as long as the security and intrusion levels arecalculated to fall between 1 and 5, the business climate numbercalculated will also fall between 1 and 5.

From the business climate index and the safety level that a facilitywill have after implementation of the security measures, the securityconsultant may derive a safety/climate coefficient. The safety/climatecoefficient is the safety level divided by the business climate index:

Safety/climate coefficient=S_(f)L/BC=[S_(c)L−TL]/[S_(c)L+IL]).

From this equation it can be seen that a negative coefficient means thatthe threat level is greater than the security level. Therefore, there isa low security level at the facility. If the coefficient is a positivenumber that is smaller than one (1), the business climate level ishigher than the security level, which indicates that there is some roomfor additional security measures. If, however, the coefficient is apositive number higher than one (1), then the safety measures mayimpinge on the business climate of the facility. Hence, less intrusivesecurity measures may have to be implemented. As is shown in FIG. 3, thebusiness climate of a facility may be portrayed as being inverselyproportional to the security measures used therein.

As an example, suppose a security consultant assigns a value of three(3) to a threat level and a value of four (4) to the security level of afacility, then the safety level of the facility is one (1):S_(f)L=S_(c)L−TL=4−3=1.

If the security consultant ascribes a value of one (1) to the intrusionlevel then the business climate index is 3.5:BC=6−(S_(c)L+IL)/2=6−(4+1)/2=3.5

Thus, the coefficient is 0.2857: S_(f)L/BC=1/3.5=0.2857

In this case then the business climate level is higher than the securitylevel. Thus, more stringent security measures may be implemented. Thevalues for this example may be entered into a table such as the oneshown in FIG. 4.

FIG. 5 is a flowchart of a process that may be used by a consultant whendesigning security solutions for a client. The process starts when asecurity consultant assesses the current or planned security levelS_(c)L of a facility (steps 500 and 502). After assessing the securitylevel, the consultant may assess the threat level (step 504) then theintrusion level (step 506). Note that only industry accepted methodsshould be used to assess these variables. For example, only reliabledata such as system logs, historical data, expert opinions, surveys,independent audits etc. should be used. Once the variables have beenassessed, the consultant may calculate the safety/climate coefficient(step 508) by first calculating the business climate index and thesafety level of the facility. Using the value of the coefficient, theconsultant may determine whether the design/implementation of thesecurity system is satisfactory (step 510). If so, the process ends(step 512). Otherwise, the consultant may change thedesign/implementation of the security system and the process may go backto step 502.

FIG. 6 is a block diagram illustrating a data processing system in whichthe invention may be implemented. Data processing system 600 employs aperipheral component interconnect (PCI) local bus architecture. Althoughthe depicted example employs a PCI bus, other bus architectures such asAccelerated Graphics Port (AGP) and Industry Standard Architecture (ISA)may be used. Processor 602 and main memory 604 are connected to PCIlocal bus 606 through PCI bridge 608. PCI bridge 608 also may include anintegrated memory controller and cache memory for processor 602.Additional connections to PCI local bus 606 may be made through directcomponent interconnection or through add-in boards. In the depictedexample, local area network (LAN) adapter 610, SCSI host bus adapter612, and expansion bus interface 614 are connected to PCI local bus 606by direct component connection. In contrast, audio adapter 616, graphicsadapter 618, and audio/video adapter 619 are connected to PCI local bus606 by add-in boards inserted into expansion slots. Expansion businterface 614 provides a connection for a keyboard and mouse adapter620, modem 622, additional memory 624 and an audio/video capture adapter640. Small computer system interface (SCSI) host bus adapter 612provides a connection for hard disk drive 626, tape drive 628, andCD/DVD-Drive 630. Typical PCI local bus implementations will supportthree or four PCI expansion slots or add-in connectors.

An operating system runs on processor 602 and is used to coordinate andprovide control of various components within data processing system 600in FIG. 6. The operating system may be a commercially availableoperating system, such as Windows XP, which is available from MicrosoftCorporation or AIX, which available from Internal Business MachinesCorp. An object oriented programming system such as Java may run inconjunction with the operating system and provide calls to the operatingsystem from Java programs or applications executing on data processingsystem 600. “Java” is a trademark of Sun Microsystems, Inc. Instructionsfor the operating system, the object-oriented operating system, andapplications or programs are located on storage devices, such as harddisk drive 626, and may be loaded into main memory 604 for execution byprocessor 602.

Those of ordinary skill in the art will appreciate that the hardware inFIG. 6 may vary depending on the implementation. Other internal hardwareor peripheral devices, such as flash ROM (or equivalent nonvolatilememory) or optical disk drives and the like, may be used in addition toor in place of the hardware depicted in FIG. 6. Also, the processes ofthe present invention may be applied to a multiprocessor data processingsystem.

The depicted example in FIG. 6 and above-described examples are notmeant to imply architectural limitations. For example, data processingsystem 600 may also be a notebook computer or hand held computer. Dataprocessing system 600 also may be a kiosk or a Web appliance.

The description of the present invention has been presented for purposesof illustration and description, and is not intended to be exhaustive orlimited to the invention in the form disclosed. Many modifications andvariations will be apparent to those of ordinary skill in the art. Theembodiment was chosen and described in order to best explain theprinciples of the invention, the practical application, and to enableothers of ordinary skill in the art to understand the invention forvarious embodiments with various modifications as are suited to theparticular use contemplated.

1. A method of correlating safety solutions implemented in a facilitywith the facility's business climate comprising the steps of: designingthe safety solutions; and calculating a value of a coefficient, thecoefficient being related to both the safety solutions and the businessclimate of the facility.
 2. The method of claim 1 wherein a plurality ofvariables are derived from the safety solutions, the derived variablesare evaluated and used to compute a business climate index and a safetylevel, the coefficient being inversely proportional to the businessclimate index and directly proportional to the safety level.
 3. Themethod of claim 2 wherein the plurality of variables include a securitylevel, a threat level and an intrusion level as perceived by a user, thesafety level being calculated from the security level and the threatlevel and the business climate index being calculated from the securitylevel and the intrusion level.
 4. The method of claim 3 wherein if thecoefficient is negative then the threat level is higher than thesecurity level.
 5. The method of claim 3 wherein if the coefficient ispositive and less than one, the business climate index is higher thanthe security level indicating that additional security solutions may beimplemented.
 6. The method of claim 3 wherein if the coefficient ispositive and greater than one, the business climate index is less thanthe security level indicating that the security solutions are toointrusive.
 7. The method of claim 6 wherein if the security solutionsare too intrusive, the security solutions may be changed to be lessintrusive.
 8. A computer program product on a computer readable mediumfor correlating safety solutions implemented in a facility with thefacility's business climate comprising: code means for designing thesafety solutions; and code means for calculating a value of acoefficient, the coefficient being related to both the safety solutionsand the business climate of the facility.
 9. The computer programproduct of claim 8 wherein a plurality of variables are derived from thesafety solutions, the derived variables are evaluated and used tocompute a business climate index and a safety level, the coefficientbeing inversely proportional to the business climate index and directlyproportional to the safety level.
 10. The computer program product ofclaim 9 wherein the plurality of variables include a security level, athreat level and an intrusion level as perceived by a user, the safetylevel being calculated from the security level and the threat level andthe business climate index being calculated from the security level andthe intrusion level.
 11. The computer program product of claim 10wherein if the coefficient is negative then the threat level is higher,than the security level.
 12. The computer program product of claim 10wherein if the coefficient is positive and less than one, the businessclimate index is higher than the security level indicating thatadditional security solutions may be implemented.
 13. The computerprogram product of claim 10 wherein if the coefficient is positive andgreater than one, the business climate index is less than the securitylevel indicating that the security solutions are too intrusive.
 14. Thecomputer program product of claim 13 wherein if the security solutionsare too intrusive, the security solutions may be changed to be lessintrusive.
 15. A computer system for correlating safety solutionsimplemented in a facility with the facility's business climatecomprising: at least one storage device for storing code data; and atleast one processor for processing the code data to design the safetysolutions, and to calculate a value of a coefficient, the coefficientbeing related to both the safety solutions and the business climate ofthe facility.
 16. The computer system of claim 15 wherein a plurality ofvariables are derived from the safety solutions, the derived variablesare evaluated and used to compute a business climate index and a safetylevel, the coefficient being inversely proportional to the businessclimate index and directly proportional to the safety level.
 17. Thecomputer system of claim 16 wherein the plurality of variables include asecurity level, a threat level and an intrusion level as perceived by auser, the safety level being calculated from the security level and thethreat level and the business climate index being calculated from thesecurity level and the intrusion level.
 18. The computer system of claim17 wherein if the coefficient is negative then the threat level ishigher than the security level.
 19. The computer system of claim 17wherein if the coefficient is positive and less than one, the businessclimate index is higher than the security level indicating thatadditional security solutions may be implemented.
 20. The computersystem of claim 17 wherein if the coefficient is positive and greaterthan one, the business climate index is less than the security levelindicating that the security solutions are too intrusive.